On 05/12/10 02:43 PM, Darren Reed wrote:
At the bottom of this document, the man page update mentions that this feature is incompatible with enabling forwarding. Why? Shouldn't we be engineering Solaris to make features compatible with each other rather than incompatible?
Yes, it does. The use of "allowed-ips", today, is not incompatible with a zone functioning as a router and nor is configuring a zone with an exclusive instance of IP incompatible. Nor does the operation of either feature introduce any specific errors or failure conditions that preclude forwarding from functioning.
allowed-ips today is incompatible with IP forwarding; this case doesn't propose changing that.
allowed-ips is similar to Ethernet switch technology (such as Cisco source guard or the IETF work in the SAVI WG) in this respect; you have to explicitly configure the device/function which performs the filtering to not do any filtering for the packets that are coming from an IP router.
Erik _______________________________________________ opensolaris-arc mailing list [email protected]
